PCI
PCI DSS: From gap analysis to full certification readiness, including Scoping, Pre-Assessment,
Scoping Exercise
Determine the cardholder data environment (CDE)
Define system components and third-party involvement
Identify in-scope processes, networks, and systems
Gap Assessment
Review current controls against PCI DSS v4.0 requirements
Identify gaps and risk areas
Provide a prioritized remediation roadmap
Options Analysis
Evaluate remediation strategies
Recommend compensating controls or segmentation options
Support decisions with cost-benefit insights
Remediation Assistance
Advisory support throughout remediation efforts
Policy and procedure development
Control implementation and validation
Formal PCI DSS Assessment
Conduct a full Level 1 assessment
Complete Report on Compliance (ROC)
Submit Attestation of Compliance (AOC)
ASV Scanning
Quarterly external vulnerability scans by a certified ASV
Review of findings and retest where necessary
Penetration Testing
Annual internal and external penetration testing
Segmentation validation and report
Staff Training
Secure Coding Training (for developers)
Incident Response Training (for IR teams)
Security Awareness Training (for general staff)
